Tools

"... Civitas is the first electronic voting system that is coercion-resistant, universally and voter verifiable, and suitable for remote voting. This paper describes the design and implementation of Civitas. Assurance is established in the design through security proofs, and in the implementation through ..."

Civitas is the first electronic voting system that is coercion-resistant, universally and voter verifiable, and suitable for remote voting. This paper describes the design and implementation of Civitas. Assurance is established in the design through security proofs, and in the implementation through information-flow security analysis. Experimental results give a quantitative evaluation of the tradeoffs between time, cost, and security. 1.

...unlike Civitas, an adversary could successfully coerce a voter by forcing the voter to submit a new vote, then keeping the voter under surveillance until the end of the election. 12Prêt à Voter 2006 =-=[64]-=- offers a weak form of coercion resistance, if voting is supervised. The construction of ballots depends on non-uniformly distributed seeds, which might enable the adversary to learn information about...

"... We present three new paper-based voting methods with interesting security properties. Our goal is to achieve the same security properties as recently proposed cryptographic voting protocols, but using only paper ballots and no cryptography. From a security viewpoint we get reasonably close, particul ..."

We present three new paper-based voting methods with interesting security properties. Our goal is to achieve the same security properties as recently proposed cryptographic voting protocols, but using only paper ballots and no cryptography. From a security viewpoint we get reasonably close, particularly for short ballots. However, our proposals should probably be considered as more “academic ” than “practical.” In these proposals, not only can each voter verify that her vote is recorded as intended, but she gets a “receipt ” she can take home that can be used later to verify that her vote is actually included in the final tally. But her receipt does not allow her to prove to anyone else how she voted. All ballots cast are scanned and published in plaintext on a “public bulletin board ” (web site), so anyone may correctly compute the election result. In ThreeBallot, each voter casts three paper ballots, with certain restrictions on how they may be filled out. These paper ballots are of course “voterverifiable.” A voter receives a copy of one of her ballots as her “receipt”, which she may take home. Only the voter knows which ballot she copied for her receipt. The voter is unable to use her receipt to prove how she voted or to sell her vote, as the receipt doesn’t reveal how she voted. A voter can check that the web site contains a ballot matching her receipt. Deletion or modification of ballots is thus detectable; so the integrity of the election is verifiable. VAV is like ThreeBallot, except that the ballotmarking rules are different: one ballot may “cancel” another (VAV = Vote/Anti-Vote/Vote). VAV is better suited to – i.e. yields better security properties ∗ The latest version of this paper is always at

"... This paper defines and explores the notion of “software independence” in voting systems: A voting system is software-independent if an undetected change or error in its software cannot cause an undetectable change or error in an election outcome. We propose that software independent voting systems ..."

This paper defines and explores the notion of “software independence” in voting systems: A voting system is software-independent if an undetected change or error in its software cannot cause an undetectable change or error in an election outcome. We propose that software independent voting systems should be preferred, and software-dependent voting systems should be avoided. VVPAT and some cryptographically-based voting systems are software-independent. Variations and implications of this definition are explored. This white paper is also for discussion by the Technical Guidelines Development Committee (TGDC) in its development of the Voluntary Voting System Guidelines (VVSG) of 2007.

"... We present a new paper-based voting method with interesting security properties. The attempt here is to see if one can achieve the same security properties of recently proposed cryptographic voting protocols, but without using any cryptography, using only paper ballots. We partially succeed. (Initia ..."

We present a new paper-based voting method with interesting security properties. The attempt here is to see if one can achieve the same security properties of recently proposed cryptographic voting protocols, but without using any cryptography, using only paper ballots. We partially succeed. (Initially, I thought the proposal accomplished this goal, but several readers discovered a vote-buying attack (see Section 4.4) that appears to be rather difficult to fix without making the resulting system much less usable in practice. Currently, this paper should thus be viewed more as an academic proposal than a practical proposal. Perhaps some variation on these ideas in this paper might still turn out to be of practical use. The “OneBallot with Exchanged Receipts” system sketched at the end of Section 5.3.1, looks particularly promising at the moment...) The principles of ThreeBallot are simple and easy to understand. In this proposal, not only can each voter verify that her vote is recorded as she intended, but she gets a “receipt” that she can take home that can be used later to verify that her vote is actually included in the final tally. Her receipt, however, does not allow her to prove to anyone else how she voted. In this “ThreeBallot ” voting system, each voter casts three paper ballots, with certain restrictions on how they may be filled out, so the tallying works. These paper ballots are of course “voter-verifiable. ” All ballots cast are scanned and published on a web site, so anyone may correctly compute the election result. A voter receives a copy of one of her ballots as her “receipt”, which she may take home. Only the voter knows which ballot she copied for her receipt. The voter is unable to use her receipt to prove how she voted or to sell her vote, as the receipt doesn’t reveal how she voted. A voter can check that the web site contains a ballot ∗ The latest version of this paper can always be found at

... do so in a way that gives her vote undue influence. 8 Discussion Cryptographic techniques can also provide all of the security properties of ThreeBallot. See Chaum [5], Chaum et al. [6], Ryan et al. =-=[18, 17]-=-, Karloff et al. [13], Smith [22], and Adida [3] for presentations and discussions of cryptographic voting methods. However, ThreeBallot achieves very nearly the same security properties, without the ...

"... Prêt à Voter provides a practical approach to end-to-end verifiable elections with a simple, familiar voter-expe-rience. It assures a high degree of transparency while preserving secrecy of the ballot. Assurance arises from the auditability of the election itself, rather than the need to place trus ..."

Prêt à Voter provides a practical approach to end-to-end verifiable elections with a simple, familiar voter-expe-rience. It assures a high degree of transparency while preserving secrecy of the ballot. Assurance arises from the auditability of the election itself, rather than the need to place trust in the system components. The original idea has undergone several revisions and enhancements since its inception in 2004, driven by the iden-tification of threats, the availability of improved cryptographic primitives, and the desire to make the scheme as flexible as possible. This paper presents the key elements of the approach and describes the evolution of the design and their suitability in various contexts. We also describe the voter experience, and the security properties that the schemes provide.

...ity of election equipment and the confidence that can be placed in its correct operation. Over the past five years, the Prêt à Voter voting system and developments of it have been proposed [14], [49]–=-=[51]-=-. This voting system obtains its assurance from its auditability: it is designed to enable checking, by the voter and by audit teams, of the various phases of collecting and processing the votes, and ...

...s 50% chance to detect the fraud ballot, any attempt to cheat in more than a very small number of ballots would be detected with overwhelming probability. Ryan’s cut-and-choose method also appears in =-=[51, 4, 8]-=-. Neff’s scheme [42] is based on a different approach. The voter first indicates her intent to the voting machine, the machine then constructs an encrypted electronic ballot representing this voter’s ...

"... Code voting seeks to address the issues of privacy and integrity for Remote Internet Voting. It sidesteps many of the inherent vulnerabilities of the Internet and client platforms but it does not provide end-to-end verification that votes are counted as cast. In this paper, we propose a simple techn ..."

Code voting seeks to address the issues of privacy and integrity for Remote Internet Voting. It sidesteps many of the inherent vulnerabilities of the Internet and client platforms but it does not provide end-to-end verification that votes are counted as cast. In this paper, we propose a simple technique to enhance the verifiability of code voting by ensuring that the Vote Server can only access the acknowledgement codes if the vote code is correctly registered by a threshold set of Trustees. The mechanism proposed here therefore adds an extra level of verifiability in registering and counting the vote. Voter-verification is simple and direct: the voters need only check that the acknowledgement code returned to them agrees with the value on their code sheet. To ensure receipt-freeness we propose the use of a single acknowledgement code per code sheet, rather than individual acknowledgement codes for each candidate with usual code voting.

"... It is immensely challenging to devise a voting system that guarantees both the correct reflection of the will of the voters and the secrecy of the ballots, based solely on compelling, objective evidence. In response to this challenge, various voting protocols have been proposed, typically using cryp ..."

It is immensely challenging to devise a voting system that guarantees both the correct reflection of the will of the voters and the secrecy of the ballots, based solely on compelling, objective evidence. In response to this challenge, various voting protocols have been proposed, typically using cryptography, that seek to base the assurance of accuracy on transparency and auditability. This approach is neatly captured by the maxim ``verify the election results, not the voting system!&apos;&apos;. Such protocols strive to achieve a new requirement, that of voter-verifiability: voters are able to confirm that their vote is accurately counted while maintaining ballot secrecy. This paper describes the concept of voter-verifiability, and it outlines a particular voting protocol, the Prêt à Voter protocol, to achieving voter-verifiabilty. A new version of the protocol that exploits some special features of the Paillier encryption algorithm is presented. This gives a more elegant and robust implementation of Prêt à Voter than previous versions. In particular, the fact that Paillier encryption allows the secret key holder to recover the randomisation as well as the plaintext, enables a

... refer to this version of the scheme as Prêt à Voter’05. Prêt à Voter’05 [8] uses RSA encryption and a layered construction for the ballot form onions and decryption mixes at the tabulation stage. In =-=[24]-=- this was adapted to use exponential ElGamal in place of RSA, so enabling the use of re-encryption mixes in place of decryption mixes. This has several advantages, for example, clean separation of mix...

"... ... several revisions and enhancements since its inception in 2004, resulting in a family of election systems designed to provide end-to-end verifiability and a high degree of transparency while ensuring secrecy of the ballot. Assurance for these systems arises from the auditability of the election ..."

... several revisions and enhancements since its inception in 2004, resulting in a family of election systems designed to provide end-to-end verifiability and a high degree of transparency while ensuring secrecy of the ballot. Assurance for these systems arises from the auditability of the election itself, rather than the need to place trust in the system components. This paper brings together the variations of Prêt a ̀ Voter, presents their design, describes the voter experience, and considers the security properties that they provide.

"... A number of voter-verifiable electronic voting schemes have been introduced in the recent decades. These schemes not only provide each voter with a receipt without the threat of coercion and ballot selling, but also the ballot tallying phase can be publicly verified. Further-more, these schemes are ..."

A number of voter-verifiable electronic voting schemes have been introduced in the recent decades. These schemes not only provide each voter with a receipt without the threat of coercion and ballot selling, but also the ballot tallying phase can be publicly verified. Further-more, these schemes are robust because the power of authorities can be threshold distributed. Generally speaking, the homomorphic encryption schemes are efficient but they are unable to handle some preferential elections, such as STV elections and Condorcet elections. The mix network schemes are versatile, but they are not as efficient as the homomorphic encryption schemes in approval elections. In this paper, we will present a new electronic voting schemes which is secure, versatile and efficient. We call our proposal scheme the Prêt a ̀ Voter: All-In-One because it is based on the re-encryption version of the Prêt a ̀ Voter scheme and inherits most of its security properties. Our scheme not only handles both approval elections and preferential elections, but also the ballot tallying phase will always be the most efficient because according to different elections, different tally strategies can be applied. 1

...hat in e-voting schemes, if the ballot tallying phase is only implemented by applying the homomorphic property, they are impractical for STV elections. 2s3 Introduction of the Prêt à Voter schemes In =-=[2, 10]-=-, Ryan et al. have introduced two versions of the Prêt à Voter schemes which can be implemented in STV elections. We now present a brief overview of these Prêt à Voter schemes. For full details, see [...